STIGQter: STIG Summary: Domain Name System (DNS) Security Requirements Guide Version: 2 Release: 4 Benchmark Date: 23 Oct 2015:

The DNS server implementation, for PKI-based authentication, must implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

DISA Rule

SV-69111r1_rule

Vulnerability Number

V-54865

Group Title

SRG-APP-000401-DNS-000051

Rule Version

SRG-APP-000401-DNS-000051

Severity

CAT II

CCI(s)

• CCI-001991 - The information system, for PKI-based authentication, implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network.

Weight

10

Fix Recommendation

Configure the DNS server, for PKI-based authentication, to implement a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network.

Check Contents

Review the DNS server implementation configuration to determine if the DNS server, for PKI-based authentication (i.e., SIG(0)), implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If the DNS server does not implement such a cache of revocation data, this is a finding.

Vulnerability Number

V-54865

Documentable

False

Rule Version

SRG-APP-000401-DNS-000051

Severity Override Guidance

Review the DNS server implementation configuration to determine if the DNS server, for PKI-based authentication (i.e., SIG(0)), implements a local cache of revocation data to support path discovery and validation in case of the inability to access revocation information via the network. If the DNS server does not implement such a cache of revocation data, this is a finding.

Check Content Reference

M

Target Key

2355

Comments